Skip to main content

Develop GP Connect services

You may be working with an end-user organisation to solve a business need or looking to develop GP Connect APIs to secure a place in the healthcare market. The information below and associated pages will help you to understand the process of getting your product ready for use. 

New National Data Sharing Arrangement for GP Connect

A National Data Sharing Arrangement (NDSA) has been launched for GP Connect users. 

The GP Connect NDSA sets out the data sharing requirements and obligations for the use of GP Connect for end user organisations. 

If your organisation already uses GP Connect, you don't need to sign the NDSA but please review our action to take guidance.

GP Connect is for direct patient care

GP Connect products can help health and social care professionals share, view or act on information that could be required for a patient’s direct care, but they would otherwise have difficulty accessing easily (for example if they are using different IT systems).

Organisations can have access to relevant information in GP patient records to provide direct care to patients only.

No other use of patient information via GP Connect (such as planning or research) is permitted under the conditions of the legal direction for GP Connect: Establishment of systems: digital interoperability platform 2019.

To be granted access to GP patient records organisations must:

The GP Connect team

The GP Connect team is part of the Direct Care APIs programme at NHS England.

Their role is to manage the GP Connect products as follows:

  • publish specifications for the GP Connect capability application programming interfaces (APIs) - APIs are built into provider and consumer systems and allow data to be shared between different IT systems
  • provide clinical and technical assurance of provider systems against the published specifications
  • provide technical assurance of consumer systems to the published specifications and publish a list of approved systems
  • define processes for onboarding to use GP Connect products
  • provide local implementation managers to support GP Connect projects - you can email [email protected] to find out who your local contact is
  • publish information about the approved use case for each consumer system, outlining the purpose for which they have GP Connect access

You can email the GP Connect team at [email protected].

Provider organisations

Typically GP practices, provider organisations hold the GP patient record and will be providers and data controllers of the data shared via GP Connect: Access Record products. GP Connect: Appointment Management allows appointment books to be shared between GP practices and GP Extended Access Hubs, for example.

Organisations wishing to develop GP Connect provider services should contact [email protected].

Consumer organisations

Consumer organisations view the GP patient record shared by the provider organisation or make bookings on behalf of a patient. This could be an NHS 111 service or another GP practice offering services to patients registered at a provider practice in a primary care network (PCN) model. To meet different use cases, a single organisation can be both a provider and consumer, such as extended access working. GP system suppliers have developed both consumer and provider functionality to meet this need.

Consumer system assurance

Consumer systems are tested for compliance with GP Connect specifications and a technical conformance certificate is issued when testing is complete and the product is technically ready. The vehicle for this process is the Supplier Conformance Activities List (SCAL).

More details of the consumer assurance process can be found on our consumer portal.

It is the consuming organisation's responsibility to ensure that the consumer system is fit for its intended use and that any risks in undertaking the implementation are mitigated. NHS England does not impose any specific testing other than that undertaken to meet the elements of the SCAL. Any system-specific questions should be directed to the consumer supplier.

To complete the assurance process and before going live, the connecting party will be required to sign a Connection Agreement. This agreement outlines the responsibilities, obligations and terms of use for the consumers. The Connection Agreement covers other NHS England products, so you may already have signed a copy from another integration. If you have, you will be required to sign again to agree to the GP Connect terms. You can see a draft copy at Operations. A bespoke copy will be provided by your assurance lead during the assurance process.

Systems which are already assured as a GP Connect Consumer are listed

Clinical safety review of the consumer supplier system

As part of accepting a GP Connect integration into their current system or deploying a new system with GP Connect capabilities, the consumer organisation must remain compliant with Clinical risk management standard DCB0160, which ensures the system's clinical safety.  As part of the obligation to comply with DCB0160 the consumer organisation should appoint a Clinical Safety Officer who must:

  • review the consumer supplier's clinical safety case report and hazard log, and have accepted and mitigated any relevant clinical risks
  • establish their own clinical safety case report and hazard log in readiness for the implementation of GP Connect, making sure any relevant clinical risks and mitigations passed from the supplier have been included

Read more about the clinical risk management standards.

An overview of the process follows. More detailed information can be found on our consumer portal.

Consumer system onboarding

1. Find out if you already meet the prerequisites

Review the prerequisites required for GP Connect assurance on our consumer portal.

2. Contact NHS England to express an interest

The GP Connect team requires an example use case to assess how you plan to use GP Connect APIs and the business issue you are looking to address.

You may find it useful to read the GP Connect specifications for developers and our support hub to know which product is right for your user case.  

You can submit your use case directly to the GP Connect team by completing a use case submission form.

Following the approval of a use case, development work should be started within 6 months of use case approval. If this date is missed, a review or new submission of the use case will be required. Changes or additional development will also require a review or new use case submission.

Once your use case has been received, we will respond within 14 calendar days. Subject to approval of the use case, the next steps are:

  • The GP Connect team will support you through the assurance process through to go live. A GP Connect team service practitioner will discuss the assurance process and artefacts with you to help you understand the requirements
  • Development work should be started within 6 months of use case approval. If this date is missed, a review or new submission of the use case will be required. Changes or additional development will also require a review or new use case submission.

3. Develop against the relevant specifications

Complete your development of the GP Connect capabilities you want to use. Supporting materials are available with our specifications.

Find out the current, upcoming, and archived versions of GP Connect API and Messaging specifications.

We have developed an internet-facing system demonstrator to help with your development and initial testing.

When the development has been completed, we need evidence of your development in the form of example interactions between your system and our demonstrator.

4. Test in the NHS England integration environment

Once we've confirmed your evidence, you can access the NHS England integration environment to test your consumer system against the full end-to-end NHS England system, including Personal Demographics Service (PDS) and Spine Directory Service (SDS) integration.

The test evidence from integration will be used to complete your Supplier Conformance Assessment List (SCAL). The SCAL is a technical document used to assure all consumer suppliers against the NHS England API Specifications. The SCAL, with associated test evidence, is then submitted to NHS England's Solutions Assurance Team to review and approve the document.

In the integration environment, you'll need to test against each of the GP provider systems you expect to consume in live. A statement confirming that this testing has been completed is required by NHS England's Solutions Assurance Team.

5. Technical conformance

When your SCAL has been approved, NHS England's Solutions Assurance Team will create and issue a Technical Conformance Certificate to finalise the assurance process.

The Technical Conformance Certificate gives you the approval to deploy your consumer product in conjunction with an NHS Commissioner.

6. The First of Type (FoT) process

The SCAL process does not dictate a pilot/beta phase for consumer systems. We will take a risk-based approach and may impose an in-live assessment phase where the system will be assessed on:

  • clinical safety – checking there’s no risk in using this product in a clinical setting
  • information governance – protecting patient data to agreed high standards
  • technical conformance – how well it works with other systems
  • whether it does what it was designed to do

7. Deployment activities

Further information

Last edited: 13 February 2024 8:08 pm